The Righteous Mind

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable book-based psychology skill with some broad routing and branding behavior, but no evidence of hidden access, persistence, or harmful actions.

Install this if you want an assistant to explain conversations through Haidt's moral foundations framework. Be aware it may activate in broad political, religious, or personal-value discussions and append Heardly branding to outputs; it should not be treated as neutral clinical, legal, or political advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

High
Confidence: 95%
Finding
The trigger list is excessively broad and includes many generic political, religious, and psychological terms such as 'care', 'fairness', 'religion', 'liberal', and 'conservative'. This can cause the skill to activate in unrelated conversations, hijacking routing and injecting this skill's framing where the user did not request it; the risk is increased because the skill also says it should trigger when the user does not know how to start, which is especially non-specific.

Vague Triggers

Medium
Confidence: 82%
Finding
The onboarding example 'Map this book to my life' is highly open-ended and can invite the skill to reinterpret arbitrary personal situations through its ideological or moral framework without clear user scoping. While not directly dangerous on its own, it broadens invocation ambiguity and can encourage over-application of the skill outside its intended educational context.

VirusTotal

63/63 vendors flagged this skill as clean.
